---
title: Hiding our malware window
course: code_malware
section: "Building sockets"
layout: lesson
---

In the previous lessson we included all the libraries we are going to use. Now
let's start working in the malware itself, let's begin with the main function,
this will be in charge of performing the client/server connection.

Let's define an int **APIENTRY** function called "**WinMain**". APIENTRY? What
is that? As we are creating a windows application, there must be a function
called "**WinMain**" and we specify **APIENTRY**, so we can use some methods and
constants we'll need throughout the code, this function also takes some
arguments:

  * "**hInstance**", whose type is **HINSTANCE**
  * "**hPrev**", whose type is **HINSTANCE**
  * "**lpCmdLine**", whose type is **LPSTR**
  * **nCmdShow**", whose type is an integer (**int**)

"**hInstance**" is the handler of an instance or a module. The operating system
uses this value to identify the executable of a software when it's loaded in the
memory.

"**hPrev**" this is not important as it will be always "0"

"**lpCmdLine**" contains a command-line command arguments

"**nCmdShow**" is the value that determines whether a window is maximised,
minimised or with a custom sized declared by the user

So far, our main main function code looks like this:

```c
int APIENTRY WinMain(HINSTANCE hInstance, HINSTANCE hPrev, LPSTR lpCmdLine, int nCmdShow) {
}
```

The first thing we'll need to do, is that, by default our window will not be
visible, as you don't want your victim to know something is being executed in
the background in their computer, or you want to make them think that the
software they opened is corrupt, and therefore, that's why it doesn't open.

To do that, we'll need to create a new variable, whose type will be "**HWND**"
(console window handle), in my case I'll call it "_stealth_" y call the
"**AllocConsole()**" function. What does this function do, is to assign a
console to the process that is being executed (in our case, a malware).

The value of "_stealth_" will be the console we just "created", to do so, in the
next line we'll type: "_stealth = FindWindowA("ConsoleWindowClass", NULL)_".
This function requires two arguments, the first, is the name of the class of the
window we are looking for, and the second one, is the name of the window, in
our case, it's null (as we haven't assigned a name to it).

Then, we'll call another function called "_ShowWindow_" that will allow us to
determine if the window will be shown or not, as we are developing a malware, we
don't want it to execute anything else, but to stay in the background. To do so,
we'll pass this function two arguments, the first, is the window handler (the
one we called "_stealth_" before) and the second is a value that represents
"_nCmdShow_" and we will set it to 0. Why 0? 0 represents the "hidden" state of
a window.

This is how our code looks so far:

```c
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <winsock2.h>
#include <windows.h>
#include <winuser.h>
#include <wininet.h>
#include <windowsx.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>

int APIENTRY WinMain(HINSTANCE hInstance, HINSTANCE hPrev, LPSTR lpCmdLine, int nCmdShow) {
  HWND stealth;
  AllocConsole();
  stealth = FindWindowA("ConsoleWindow", NULL);

  ShowWindow(stealth, 0);
}
```
